
Incident Response Report

This report displays incident response details on systems in your environment that have been found to have active intrusion events. Intrusion events are events triggered by plugin 800125 - Long Term Intrusion Activity, or 800017 - Intrusion Statistics.

This report utilizes these plugins to assemble/filter vulnerability data for hosts that could potentially have intrusion events associated with them based on existing triggered events.

This report contains chapters that present an executive summary, identification of devices, vulnerabilities, exploits and intrusion events, and remediation actions. They are as follows:

Executive Summary

This chapter provides a high-level overview: a bar graph showing the count of hosts with intrusion events by class C address space; the trend of normalized, unnormalized, and intrusion events over the last 7 days; and the top 10 exploitable vulnerabilities for all devices, along with a summary of intrusion events. The chapter also contains a table that displays the existing exploitable vulnerabilities for all devices, sorted by severity, with a summary of intrusion events. It is important to report all known existing exploitable vulnerabilities, as these are the weakest points. If an intrusion has occurred, these devices could be the first to be compromised.

Identification of Devices

This chapter provides a table and IP summary for hosts identified by the Intrusion Activity and Statistics plugins. The chapter also contains a table that displays devices or hosts with detected intrusion activity events. The IP address, NetBIOS and DNS name, OS CPE if known, and MAC address are displayed.

This chapter contains the Top 10 Remediation Actions via a Remediation Summary to assist in lowering risk.

The report is available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The report can be easily located in the SecurityCenter Feed by selecting the category Threat Detection & Vulnerability Assessments, and then selecting the tag 'intrusion'. The report requirements are:
